Friday, July 31, 2009

Here's Henry from Crooked Timber not getting it. Here's Randy McDonald not getting it. Look, the fact that neo-con wankers deal in baseless smears and mindlessly repeated talking points should neither be cause for surprise, nor should you hope to convince them of anything.

I occasionally make the point that after the Left invented post-modernism, the Right operationalised it and rolled it out as a coherent political-media-aesthetic package. If your politics depends on disagreeing with objective reality, and persuading people to vote against their interests, there is a huge opportunity in the realisation that it's possible to have multiple competing truths. Setting the limits of debate, and controlling the language in which it is carried out, is a valid and proven strategy for power.

Since then, among other things, we've discovered that in fact it is probably impossible to genuinely ignore anything; cognitive neuroscience has demonstrated that our judgements are measurably influenced by information that we know is completely wrong. Further, the mere availability of information increases its force; repetition works. Repetition works. The availability heuristic means that repetition works. Guess why - HITLER! - they keep talking - HITLER! HITLER! - about Hitler - HITLER! - on the most unlikely - HITLER! HITLER! HITLER! - topics.

The upshot is clear and bears repeating; the purpose of a system is what it does, and what this one does is to pollute the information environment with drivel so as to influence your judgement. Of course they are lying, and of course they are talking nonsense. It's what they do; they managed to invade Iraq like that, perhaps the most successful exercise in political manipulation in recent history.

They're endlessly repeating mindless crap because it's what they do. The answers are probably to do the same back to them, but more importantly, to secede from the information systems they dominate; this is arguably what happened in 2008.

Tuesday, July 28, 2009

According to Will Page of the MCPS-PRS, the music industry is more than making back the money it's losing from recording on live performance. That wasn't in the Digital Britain Report, now was it? We're doing our best. Meanwhile, MailWatch makes me think there's probably space for a blog devoted to reviewing films it's not seen, books it hasn't read, bands it's never heard, gigs it didn't go to. This one is roughly the same, but with politics, so why not? Still, there's more to life than snark, so I'll do a review of one I did go to.

A good gig for a Monday night at the Festival Hall. Oddly enough that is the only review I've seen anywhere; they are entirely right about Marianne's punctuality - no Austrian schlamperei there - and the dodgy sound early on. I could lean back, and hear the vocal, or lean forward, and hear the band, but not both. Fluid dynamics is a bit difficult, they say. Anyway, they fixed it, and perhaps it was a handy moment to have the backline slightly out of kilter while getting warmed up.

With a killer session band, faceless and expert like Australian rugby league players, the influence of all that late 70s new wave/postpunk/punkfunk stuff on every band going since about 2002 was only pointed out; it's probably time for a Broken English revival. They absolutely nailed that one, thrown out early doors in a confident old trick, before moving on to cover a Black Rebel Motorcycle Club song. See what I mean? BRMC certainly come under "memories of the Bush Administration", and it integrated with the rest of the set near perfectly. The band gave a dark, jazzy/punky edge to everything from Randy Newman to Why'd You Do It.

A good gig for cynics, then. Perhaps that was why there were so many men in the crowd who looked remarkably like Peter Mandelson, First Secretary and Chairman of the Expediency Council? I imagined some nightmare new subculture; Mandies. Just the right lapels and red silk ties, a sort of hyper-Mod flamboyant restraint, perhaps a taste for baile funk? You can probably bet they're out there; Rule 34 applies. I'd get an Urban Dictionary or Wikipedia definition up quicksmart, but I'm scared that someone else already has. At least the Mandies probably weren't the ones who kept howling after each song until they got what they wanted, which was to be ordered to "calm down" in suitably Hampstead & Heath Society tones.

The rest of us got away with being pressed into service as a mirror to fix her lipstick; no-one yelled "Up a bit!" but then, it was the first time we'd been a mirror and we'd probably be more fun next time. She'd already remarked that "it's wonderful how this song has come with us all these years...every time I sing it, there's another war on", which set the tone for the rest of the show - dry as a cat's tongue, like her voice.

Later in the week, Wynton Marsalis played the Barbican; technically fascinating, but I couldn't help feeling that he talked a very good game about how nothing that didn't swing could be described as jazz. Whatever could be said for this lot, they swung like an Excel workbook; and the place is perhaps the only situation in the world where paying £4.50 for a pint of beer is a valid economic decision, chiefly because they charge £3.50 for a half. Yes, I'm unfair, but I didn't have any emotional response to them at all - it really was like reading very good code. You can see the intelligence, self discipline, and cultural depth, but there's a gut ghost required which I just don't get. Yet.

Sunday, July 26, 2009

Rather than the intellectually demanding work of condensing a complex issue to two pages of clear text, the staff instead works to create 20 to 60 slides. Time is wasted on which pictures to put on the slides, how to build complex illustrations and what bullets should be included. I have even heard conversations about what font to use and what colors. Most damaging is the reduction of complex issues to bullet points. Obviously, bullets are not the same as complete sentences, which require developing coherent thoughts. Instead of forcing officers to learn the art of summarizing complex issues into coherent arguments, staff work now places a premium on slide building. Slide-ology has become an art in itself, while thinking is often relegated to producing bullets.

The next version probably will have an option to "Insert Brilliant Idea"; but any competent programmer would make sure it instead inserted an idea mediocre enough not to detract from the charts.

I especially like the quad chart, which was new to me; the military are ahead of the world of business on this one. What's a quad chart? It's a PowerPoint slide which consists of four other PowerPoint slides scaled down to fit.

This is depressing; they couldn't find enough volunteers to count the votes in the Norwich North by-election on the night. What's especially worrying is that it's one of those assumptions that you never think about - a sort of minimum of commitment to the special importance of voting. And it's being eroded, just as the police are gradually making their uniforms more militaristic, having been originally designed to be specifically civilian.

It's also probably significant that it was shot down with a "grenade launcher", i.e. an RPG, which suggests that the enemy were very close to wherever it was departing from, and that it wouldn't have helped much had they had a full defensive-aids suite.

Remember those Tuareg uranium guerrillas? Back in the summer of 2007, just before the crash, they were busy raiding Chinese prospectors and intriguing with both the French and the Nigerien government. And blogging, ISTR, on their Thuraya satphones.

Now look what's happened: they've been recruited by the Algerians to fight Al-Qa'ida, or more specifically the GSPC, the local affiliate. Few things can be as valuable these days as a good Al-Qa'ida affiliate; I can almost imagine a Mouse that Roared scenario, where some bunch of accidental guerrillas decide to set up as Al-Q so they can make the government an offer to crush them. Almost as good as having communists used to be.

A judge allowed publication for the first time of a deal which saw the Foreign and Home Offices pay the African state, which has no diplomatic ties with London, to seize 29-year-old Mustaf Jama in the desert two years ago, close to his warlord father's headquarters.

The ambush of Jama's Land Rover by 15 militiamen nearly failed when a pilot, hired to fly the captured gangster to Dubai, tried to back out, thinking that he was caught up in an anti al-Qaida operation which could bring reprisals.

You could say that again. And Dubai, of course, always Dubai; it's the opposite of the Somali badlands, a chaotic warzone with too much marble flooring.

Has anyone else noticed that SpinVox achieved the Turing Test in reverse? Rather than constructing a machine capable of conversing in a manner indistinguishable from a human being, they constructed a company to make human beings appear to be a machine. The shock some people claimed to feel at discovering that SpinVox is people! is probably the most interesting thing in this story.

Wired reviews a book on the media of the Middle East, The Media Relations Department of Hizbollah Wishes You a Happy Birthday. Well, even pirates have press spokesmen these days. It sounds like it could be interesting, but it strikes me that this piece by Tom Griffin about trolls sponsored by various Middle Eastern actors is its critical, rebellious twin.

The GLORIA Center at IDC gathered about thirty Israeli bloggers and members of Israel’s foreign and defense ministries for an informal gathering to evaluate the blogging effort during the Gaza war, new techniques and future challenges. Topics discussed included lessons of the Gaza battle for blogalogical warfare, live-blogging, new technologies and interactions with government. Bloggers delivered short presentations on their personal experiences and discussed future plans for cooperation....

Who wouldn't want to be a fly on the wall? It practically glows with a radioactive mixture of trollishness, self-righteousness, and raging, thinktank/intern ambition. A weaponised version of MessageSpace. You'll laugh; you'll cry; you'll read up on freeze-distilling your own hydrogen peroxide to escape all this hideousness!

As always, if you want a practical policy recommendation, make tools. A little investment in annoying javascript thingies pays off hugely by improving the productivity of your trolls; and it doesn't have to be technically very interesting.

It allows one to follow an act in its path across the two perfectly symmetrical chambers (La Camera and Il Senato), from its presentation as a proposal, to its final approval.

It tracks all the votations, highlighting rebel voters. It tracks who presented an act, and whether as a first-signer or a co-signer. It also tracks speeches of officials on given acts.

Access to textual documents related to an act is easy and documents can be emended by users online, using an innovative shared comments system (eMend), that allows discussions on a particular act to take place.

Users can describe the acts, using their own words, in a wiki subsystem, acts are ratable and commentable, too.

All acts are tagged with consistent arguments by an editorial board, and that allows to know what’s going on and who’s doing what in relation to a subject.

An event-handling subsystem allows the generation of news. Whenever an act is presented, it moves towards approval or refusal, a votation takes place, someone gives a speech or anything worth noticing happens, news are generated. A dedicated web page and a customized daily e-mail, containing just the news related to those acts, politicians or arguments monitored by the user, allows him/her to follow almost in real time what’s going on.

Pretty cool; better than anything we've got. And, I think, that's much more a piece of real citizen technology than any of the TwitBook propaganda apps, which are all about creating a sense of participation; possibly, they actually exist in order to provide that sense as a substitute for real participation, in order to prevent it.

In the world of Halting State, meanwhile, the Germans have had a wee probby with their electronic health cards. Partly it's due to a reasonably sensible design; they decided to store information on the card, rather than on a remote system, and to protect it using a public-key infrastructure.

Data on the cards would have been both encrypted for privacy, and signed for integrity, using keys that were themselves signed by the issuing authority, whose keysigning key would be signed by the ministry's root certification authority, operated by the equivalent of HM Stationery Office.

Not just any PKI, either; it would have been the biggest PKI in the world. Unfortunately, a hardware security module failed - with the keysigning key for the root CA on it, and there are NO BACKUPS. This means that all the existing cards will have to be withdrawn as soon as any new ones are issued, because they will need to create a new root KSK, and therefore all existing cards will fail validation against the new ones.

It's certainly an EPIC FAIL, and alert readers will notice that it's a sizeable chunk of the plot of Charlie's novel. But it's a considerably less epic fail than it might have been; if the system had been a British-style massive central database, and the root CA had been lost or compromised, well...as it is, no security violation or data loss has occurred and the system can be progressively restored, trapping and issuing new cards.

In that sense, it's actually reasonably good government IT; at least it failed politely.
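The chain of signatures described above, as an added example (not code from the card scheme or from this blog), showing why cards issued under the lost root cannot validate against a replacement root. Textbook RSA over fixed Mersenne primes stands in for real keys and is not secure; the assumption that each card carries its own certificate chain, the names and the sample record are all constructed for illustration.

```python
"""Toy trust chain: root CA -> issuing authority -> card key -> card record."""
import hashlib

E = 65537  # public exponent shared by all toy keys


def mersenne(k):
    return 2 ** k - 1  # only used with exponents known to give primes


def make_key(p, q):
    """Textbook RSA key from two known primes. Constructed; NOT secure."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(key, data):
    if key.get("d") is None:
        raise RuntimeError("private key unavailable (lost with the HSM)")
    return pow(_digest(data, key["n"]), key["d"], key["n"])


def verify(n, data, sig):
    return pow(sig, E, n) == _digest(data, n)


def certify(signer, subject, subject_n):
    """A 'certificate' here is subject name + public modulus + signature."""
    body = f"{subject}:{subject_n}".encode()
    return {"subject": subject, "n": subject_n, "sig": sign(signer, body)}


def cert_ok(cert, signer_n):
    body = f"{cert['subject']}:{cert['n']}".encode()
    return verify(signer_n, body, cert["sig"])


def issue_card(root, issuer, card_key, record):
    """Assumption: the card stores its full chain alongside the signed record."""
    return {
        "issuer_cert": certify(root, "issuing-authority", issuer["n"]),
        "card_cert": certify(issuer, "card", card_key["n"]),
        "record": record,
        "record_sig": sign(card_key, record),
    }


def validate_card(card, trusted_root_n):
    """Walk the chain from the trust anchor down to the record."""
    if not cert_ok(card["issuer_cert"], trusted_root_n):
        return "issuer certificate not signed by trusted root"
    if not cert_ok(card["card_cert"], card["issuer_cert"]["n"]):
        return "card certificate not signed by issuer"
    if not verify(card["card_cert"]["n"], card["record"], card["record_sig"]):
        return "record signature invalid"
    return "ok"


def run_scenario():
    old_root = make_key(mersenne(521), mersenne(607))
    new_root = make_key(mersenne(1279), mersenne(2203))
    issuer = make_key(mersenne(107), mersenne(127))
    card_key = make_key(mersenne(61), mersenne(89))
    record = b"constructed sample record"

    old_card = issue_card(old_root, issuer, card_key, record)
    result = {"old_card_old_root": validate_card(old_card, old_root["n"])}

    # The HSM fails and there is no backup: the private half is gone for good.
    old_root["d"] = None
    try:
        issue_card(old_root, issuer, card_key, record)
        result["can_issue_under_old_root"] = True
    except RuntimeError:
        result["can_issue_under_old_root"] = False

    # A new root is generated; verifiers now trust only the new anchor.
    new_card = issue_card(new_root, issuer, card_key, record)
    result["old_card_new_root"] = validate_card(old_card, new_root["n"])
    result["new_card_new_root"] = validate_card(new_card, new_root["n"])

    # Integrity still holds: altering the record breaks the last link.
    tampered = dict(new_card, record=b"constructed sample record, altered")
    result["tampered_new_card"] = validate_card(tampered, new_root["n"])
    return result


if __name__ == "__main__":
    for name, outcome in run_scenario().items():
        print(f"{name}: {outcome}")
```
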

• Frequent or intensive support work in general health settings, the NHS and further education. (Such work includes cleaners, caretakers, shop workers, catering staff, car park attendants and receptionists.)
• Individuals working for specified organisations (e.g. a local authority) who have frequent access to sensitive records about children and vulnerable adults.
• Support work in adult social care settings. (Such jobs include day centre cleaners and those with access to social care records)

What are "safeguards"? It doesn't say. This has a real smell of disaster to it; a nasty XV230 ring. If you depend on the observation of rules for your safety, you therefore make the exceptions to the rules highly critical. There will always be exceptions; as Bruce Schneier tirelessly points out, this is why things like discretion, response, and audit are as important if not more than locks and alarms. But there is no mention in this document of what "safeguards" are, what "sufficient" ones might be, or how they intend to guarantee that the safeguards are, in fact, sufficient.

This is really quite dangerous, and probably makes the ISA a net security reduction.

The XV230 accident occurred in part because the RAF traditionally relied on the responsibility of senior engineers, who were in a different chain of command to the operational units, to certify its aircraft as airworthy, rather than on a set of formal requirements as the CAA does. In a sense, it was a system in which everything was an exception that had to be signed-off by an engineer. This wasn't necessarily disastrous - the railways worked like this pre-Railtrack, relying on the engineers who were individually responsible for each section of track or signalling rather than having a central asset register.

Over time, however, this had been eroded; it was no longer true that the engineering unit which signed off the Nimrods as airworthy was always headed by an engineer, for example, nor were they as senior as they had been. This meant they were both less technically aware and less able to resist pressure from the operational chain of command to keep 'em flying no matter what.

Now, if I read it right, the ISA is suggesting that the same organisation that chooses to hire someone despite their coming up database-positive would be responsible for the "safeguards". The advantage of separate lines of responsibility is lost. Worse, the inevitable dominance of false positive over true positive results means that this procedure will inevitably be used a lot. It's already started...

Much less seriously, what on earth is this agency doing with a domain name like "isa-gov.org.uk"? It seems to be pretending to have a .gov.uk domain; I can't imagine why it shouldn't. But this looks more like a phishing site than a real one. It seems spammy; I wouldn't send it confidential information without checking the WHOIS record. Hold on...

John Quiggin blogs about his zombie economics book, specifically the chapter on the efficient market hypothesis. This can be summarised as the doctrine that the current price of a security contains all the publicly available information about it. There is a debate about the degree of predictive power this has and the scope of its application, but at the bottom, there you are. In a sense, anyone who says that "you can't buck the market" is asserting some degree of the EMH, so it's an idea that has considerable political importance.

The EMH was originally derived based on the stock market, and it's precisely this bit that I have always found unconvincing. The reason is all about forecasts. The notion of "all the publicly available information" is a very big one; my objection is that all the publicly available information about a company is necessarily historical. Anything else is a forecast or promise derived from it. However, using that information to buy or sell the company's shares is a forward-looking act; doing so requires you to formulate a view about the future, based on the currently available information.

Now, you can either imagine that decisions are taken based on a pile of information that includes forecasts, or you can assume that the forecasts are part of the decision process. It doesn't matter. But what does matter is that decisions are taken on the basis of forward-looking statements. This immediately raises the question of how forecasts are made; which means we've got to open the black box and dig into institutions.

Commercial forecasts vary hugely in methodology, thoroughness, information content, and rigour; but almost all of them beyond the very simplest usually work by coming up with an estimated growth rate and projecting it forward to the forecast horizon. A serious one is likely to also model some limiting factors and do the sums for several alternative scenarios - for example, oil prices at $40, $80 or $120. This done, you plug in assumptions about margins and market share, and you have your estimate for profits in 2017, and therefore a net present value for the company. You can carry out a sensitivity analysis, changing factors and seeing which have the greatest impact on the model's output, and you will if you're serious about this.

But in practically all forecasts, the most powerful variable is the estimated compound annual growth rate (CAGR), which is just what it says on the tin - the average growth rate you're projecting over the forecast term. The problem with this is that it's not data, it's a forecasting assumption; you could decide to assume that the current CAGR will continue to hold, but this will guarantee that your forecast will probably be wrong, as it's precisely changes in the underlying CAGR that drive any really big shift in an industry. So you've got to pick one.

Of course, there are many ways you could do this. You could compare similar phenomena, or use a Bass diffusion curve, or ask everyone else in the office to estimate it and use a Bayesian analysis...but it's still a pick, so it's fundamentally going to be an index of the subjective optimism of the forecaster. This may be more or less informed or rational; but eventually it's a question of how good you think trade will be over the next x years.

To put it another way, forecasts are always driven by Keynesian animal spirits, and a forward-looking decision process based on historical inputs is critically dependent on forecasting. This is characteristic of all such processes, going right back to the Kerrison gun predictor and the other systems based on it.

This might not be so bad in terms of the EMH if there was any reason to think that the rational expectations hypothesis held for forecasts - that they were equally likely to be equally in error. But it obviously doesn't, because there is a fairly small range of possible options (it is unlikely that two forecasters will use a 0% and a 200% CAGR for the same market), many common factors influence all the forecasters, and the creation of consensus forecasts based on the average of other forecasts creates a psychological anchor. Making radically different predictions to the consensus involves taking a risk.

The upshot, then, is that essentially subjective choices of forecasting assumptions are market-moving factors which affect the asset side of the economy, which as John also points out, is traditionally a problem for economists. Further, Tobin's q implies a transmission mechanism between this and the level of capital investment in the economy as a whole, the most sensitive determinant of economic activity.

However, as Chris Dillow points out, supposed precision forecasting has strong institutional factors in its favour, which explains its survival in government. I would suspect that similar factors help the EMH survive elsewhere.

Saturday, July 18, 2009

OK, so some more Symbian-related whining. I've discovered Ensymble, the pythonic package that turns your .py scripts into SIS Symbian packages and signs them. Great. And then you can send the package to Symbian Signed Online and get them signed. Great.

And here's a useful map from Nokia showing which capabilities require which forms of code-signing. You'll observe that Location - which lets you use the GPS - is available for applications signed through Symbian Open Signing Online (which lets anyone sign their own SIS for their own use).

Unfortunately, with my newly signed package, signed by both me and by OSO....I'm still being given KErr -46 Permission Denied errors. I know it's this particular call, because although running an SIS file doesn't create any traceback, it's the first one in the flow-control code and the next one fires a user notification, which isn't happening. Enough, enough, already.

Monday, July 13, 2009

Oh Gawd, this is precisely one of the things I hate about Symbian S60 development.

OK, so I've now got a version of the PythonForS60 runtime that doesn't require a note from my parents or Jack Straw or God or someone to use GPS; but at some point they've pushed out an update to the phone that means I no longer get to choose where I save things it gets sent. A .py file is treated as a plain text file, which is OK, but this means that it gets saved as a "note". What this means in practice is that it doesn't appear anywhere in the damn filesystem. (If anyone knows where the bloody things are saved, and how to get at them, thanks in advance.)

So even having got away from the invisible Finnish policemen, I still can't run my own fucking code already without installing the 9 billion gigabyte Windows-only SDK, "signing up" for God knows how many vacuous "beta user accounts", and generally hopping about like a blue arsed fly doing absolutely nothing productive. Can we please please please get away from this crap? Can we?

Because we've set up the bureaucracy for it. Laugh! as the people responsible for the new US Cyber Command try to work out what it's for. As far as I can see, it duplicates all or part of NSA, DISA, CIA, DHS, NIST, and the services' signals commands and electronics materiel agencies. It is true that IT is a little like the famous crack about economics - a science so wont to usurp all others - but this is ridiculous. Apparently we're getting one too. Oh joy. Fortunately it's described as a "coordinator", a traditional British term for someone with no power or budget, so it can't do too much damage.

The CE industry is inherently deflationary -- Moore's law conceals this because we double the number of transistors on a die each generation, but under the hood the prices are falling by c. 20% per annum. Once we stop being able to have more transistors, existing fab lines will be amortized and the products will be commoditized. I speculate that we'll then enter a period where the computer industry splits between (a) high-end well-designed premium kit (cf. Apple) and (b) cheapCheapCHEAP!!! (cf. the netbook sector). And then there'll be a huge recession and layoffs, just as there was in aerospace around 1970 when the industry hit a performance wall (note that airliners today fly no faster than they did in 1970 -- Concorde's champagne quaffing elite aside, travel at over Mach 0.9 is not commercially sustainable).

Ultimately the field will be commoditized and after a period of consolidation and mergers it will become as thoroughly boring to outsiders as locomotive or airliner manufacturing.

The interesting developments will then take place in the areas of networking and software...

I disagree, at least in terms of economic, social, and literary possibility. Airliners may not go any faster than they did in 1970, but what Charlie thinks of as a "performance wall" could also be described as "the threshold of significance" or the "economic door". Concorde is the wrong example to look at; the real achievements of the time were the development of the 747 and 737 families, the arrival of autoland and modern avionics through Smiths and Hawker Siddeley, and the creation of Airbus.

Sure, they may not be going faster than Concorde, but there are a lot more of them, their marginal operating cost is a fraction of what it was, they crash a lot less, and they are on time more often. And they are chucking a lot of filth out the back, of course.

Forget Princess Margaret. Civil aviation only became interesting economically or sociologically after Charlie's performance wall - we've had David Frost commuting for the BBC from London to New York, we've had Easyjet ravers/poverty jetset types bouncing from sofa to sofa around Europe, Viktor Bout's inverted triangle trade shipping diamonds out of Africa and guns in, enabled by cheap Antonov-12s and international free trade zones, Kenyan farmers discovering they could get backload freight to Europe for pence. Before the "performance wall", people watched movies about air hostesses; after, they actually flew.

If the analogy holds true, the real change is still to come. It just feels like it's already happened...because science fiction covered it so well in advance, something it notably didn't do with the "aero" bit of aerospace. (O'Neill colonies! Flying cars! No Airbus 320s or Michael O'Learys.)

Charlie Stross feels that the Bernie Madoff case has put the sequel to Halting State behind the curve of criminal weirdness. I disagree strongly. Madoff was an American classic, as perfect an artefact of his society as aerosol cheese or moon landings. His fraud was a simple, well-executed example of the tried and trusted Ponzi scheme, a crime which was actually invented in the US by the eponymous Charles Ponzi in the 1920s. Like Ponzi's original, Madoff's homage surfed on the history of US immigration; Ponzi sold his paper to recent immigrants who trusted him as a fellow-Sicilian, Madoff to people who trusted him as a fellow Jewish New Yorker and a Wall Street figure in good standing.

In fact, his crime looks almost old-fashioned; the style of it is reminiscent of the 1950s, pitching an inside track on his wholesale brokerage to rich old Jews at country clubs and Miami Beach hotels. It could be a scene from The Producers. No computers; the investment operation, and fraud, ran from a cluttered office and a suburban accounting practice. It was all handshakes, and for the more sophisticated marks, the tacit understanding that his returns came from front-running his wholesale clients. You can't con an honest man, etc.

The only new element in it was brute size, but then, when has that not been an American tradition?

Compare the Sergei Aleynikov case; now that is thoroughly modern. The guy codes in Erlang, for the sake of all that is holy. And the most telling detail is that nobody is certain if there has even been an actual fraud. No money is missing, and the source code in question is so proprietary it's impossible to say if it's worth anything. Is it possible to write an EULA that would make you eat your own head if you looked at it? That really is the size of it; he's accused of violating software copyright, the most modern of possible crimes.

This is a marker of the times; things happen, but the motives are so overdetermined that it is impossible to pin agency or blame with any accuracy. Outrages and outages occur, but nobody squeals, as with the Israeli air raid on the "Box on the Euphrates" or the Libyan ELINT zorch of the Thuraya satellite they were part-owners of. The Jerome Kerviel case had a similar taste; he's on the out, and is suing SocGen for unfair dismissal. Even Bernie Madoff would have called that chutzpah.

The Conservative MP Patrick Mercer, who chairs the counter-terrorism sub-committee, said the mistake had left the Sawers family "extremely vulnerable". Referring to Miliband's suggestion that the incident was not significant, Mercer said: "If that is the case why has the site been taken down?" He also pointed out that military chiefs had warned that the Taliban get 80% of their intelligence from Twitter and Facebook.

Can he really believe this? Eighty per cent? What percentage of users of either are located in Afghanistan? I'm going to stick a target on the wall and say it's much less than 1%, so this suggests that a very few people are very insecure indeed. Perhaps we could just ask the guy to knock it off, or post him to the Falklands?

I'd be surprised if 80 per cent of their intelligence didn't come from informers, friendly civilians reporting where our patrols go, if not more. Rather like it did in Northern Ireland. And Patrick Mercer of all people ought to be well aware of the possibilities...

He's got form for Chris Morris-esque nonsense, mind you; remember his role in the Glen Jenvey/Comedy Gladio affair? Some people are, indeed, very insecure indeed about the world of today, and it remains truly remarkable just what stuff a lot of MPs will happily read out to the camera without passing it through their brains. The question remains whether Facebook is a made-up Web site.

After all, they often do things that look superficially like engaging intellectually with new ideas from the Left; writing articles about Sen or Etzioni or whoever in journals like Progress or Renewal, taking part in seminars at the IPPR or RSA. But then, you look at the outputs, both in terms of policy and of rhetoric. There's clearly a big gap here. Do they really think about Sen and decide to let bouncers in Norwich collect fines? Surely no process of cogitation, however twisted, would come up with this stuff? It's obvious that there must be some other level of thought that determines their actions.

There is of course an alternative explanation. What if the whole fuss was entirely divorced from the content of politics? What if it was a kind of sport, pursued for the challenge of it, for the mental exercise, the status that accrues to winners, and perhaps its abstract beauty? It's quite possible for this to be true even if the participants fool themselves that it affects the content of their thinking on actual, operational matters.

Indeed, quite possibly, they accept the operational code that governs the daily conduct of politics because they fool themselves that they are really influenced by Sen, or whoever is fashionable in these circles this week.

Now this is absolutely terrifying; the Tory policy on what to do with the NHS National Programme for IT is apparently to give everyone's data to "Google or Microsoft". And that appears to be it. This is deranged in several ways. First of all, MICROSOFT??!!! What the fuck are they THINKING? You know, the people whose crappy browser and crappier operating system gave us the current malware ecosystem. The people whose business model is to make it too technically and legally difficult to ever change your mind.

It is fashionable in some circles to moan about "freetards" and Wikipedia being a "cult", but as Stafford Beer would say, the purpose of a system is what it does.

MS products have been triumphantly successful in a couple of things - inducing people to buy ever more aftermarket security products from other American proprietary software companies, scaring them off going to the competition by making all their file formats very slightly incompatible with everything else including other versions of their own products, and generally maintaining the public belief that computers are terribly mysterious and frightening and that they must expect the experience of using them to be painful and unpleasant. This belief is very useful if you want to sell products on "user friendliness" (i.e. pretty graphics) or if you want to sell things to them in general.

Similarly, the original MS business model was to give away the software-development kits in order to attract as many developers as possible to make applications for DOS or Windows, which would attract people to buy the operating system they ran on. Unfortunately, since the mid-90s, they have been far more successful in fostering a shadow developer ecosystem, dedicated to exploiting the possibilities offered by the bugs rather as the official developers were dedicated to exploiting the possibilities offered by the APIs. I'm sure they didn't consciously seek this...but see the Beer quote above.

Anyway, the purpose of the Google system is to sell advertising and they make absolutely no bones about that. This, of course, has consequences for the wider health system; the NHS is unlikely to be buying lots of ads to go next to your Google Health file. The people who do that are US drug companies, who are allowed to market direct-to-consumer with well-known and mostly terrible effects on the nation's health. Why would a political party led by a former commercial TV executive, whose head of fundraising is the owner of an advertising agency, perhaps be interested in this? Anyone? Have the Midlands Industrial Council already banked the cheque?

But what really horrifies me about this arse-awful Sunday for Monday job is that it shows clearly that the Tories involved simply haven't read the brief, or aren't capable of doing so. Microsoft and Google's embryonic health products consist of a single sign on and Web user interface for individual medical records. That's it. But NPfIT is gigantically more complicated than that. It includes a medical record system. It also includes Choose and Book. It also includes a comprehensive workflow system for the entire NHS; to be clear, the biggest and most complex enterprise workflow installation in the world.

Google does not stock and does not sell anything like that; MS doesn't do that much of it either. If they had said IBM, SAP, or BT Global Services I'd have been slightly less horrified; it would have shown that they were not particularly interesting or innovative (conservative, indeed), but had at least done a minimum of reading. And they don't appear to be aware that the medical records (the Spine) are one of only two services in the project that have actually gone live.

But then, I suppose, if the records hadn't already been filed in BTGS' data centres, it would have been a sight harder to think about privatising them. The purpose of a system, etc.

It's often the least well thought out eye-catching initiatives that say the most about the thought processes that underlie them. Is it possible that quick-fire press releases are where the political system dreams?

Saturday, July 11, 2009

There's going to be a meetup at the Sir Richard Steeles on either Tuesday or Wednesday evening (it looks like at the moment). Readers are invited. Feedback on the time and date is appreciated. Update: Looks like we'll go with Wednesday.

Thursday, July 09, 2009

Much fuss about the yellow press listening to voicemail through knowing the default passwords. I'm rather more worried about their network of private detectives who had access, according to the print version, to police databases and to BT's billing system. And I'm depressed about a group of journos who, given the keys to the 650 terabyte BSS/OSS database at BT Martlesham Heath, couldn't think of anyone more interesting to spy on than Gordon Taylor. He's not even the most interesting person in football I'd want to pull a STELLAR WIND call detail record/social network plot on.

But I'm really keen to know why nobody wants to mention that Andy Coulson, News of the Screws editor, and Rupert Murdoch's ambassador to David Cameron, isn't just mixed up in this. He is. But he's also involved - according to the courts - in a dispute at the paper which ended with him and other execs trying to bully the doctor of one of their employees into changing his mind over whether they had bullied the employee into quitting. They further tried to force the guy to see a company doc - a Dickensian mine-owner's trick - and two of Coulson's direct reports (his deputy and the sports ed) were named by the court as having lied about the affair.

You want names? The liars are Paul Nicholas and Mike Dunn. But Coulson was in charge, just as he was during the spy operation. Now, if I was a pol looking to sink the Tory spin-control ship, I'd want to pull this story in as much as possible. A fit and proper person? Well...

But who, being fit and proper, would take on the job of a Tory Ali-C clone?

Further inquiries show that the story originates from a local news agency (South West News) and the DCSF press office. The Telegraph claims that the comment was sent by e-mail, but there are no MySociety sites that accept comments by e-mail, so this cannot be true. TheyWorkForYou doesn't send confirmations by e-mail, so it can't be one of those, although WriteToThem and FixMyStreet do.

Clearly, someone is telling porkies, and using the same as grounds to terminate some poor sod's employment. Now, civil servants are formally bound by oath to renounce partisanship; however, the text doesn't make any reference - if it wasn't invented out of thin air by the DCSF press office - to any political party, only to Hazel Blears' personal financial probity.

It is probably worth remembering at this point that several government ministers have been in the habit of quoting what they claim is other people's private correspondence during parliamentary debates, no doubt because they cannot be sued for what they say in the House. Specifically, Lord Warner, Andrew Miller MP, and Caroline Flint MP used what purported to be private e-mail sent by Professor Ross Anderson of Cambridge University and Simon Davies of Privacy International and LSE to score points in debates on ID cards and on the NHS National Programme for IT.

Nobody has ever explained how they came by these documents, or whether the quotes were genuine, and the (sigh) mainstream media has displayed zero interest. E-mail messages have the legal status of letters, and even under RIPA it would be hard to consider the campaign to opt out of the NPfIT Spine a question of national security. The government has form for using dubiously acquired, or possibly fictional, private correspondence for partisan ends.

Update: Well, well. She contacted Blears from her own Web site, by clicking a MAILTO link, which of course launched her local (i.e. service) mail client rather than a Hotmail account.

But the issue here is that a minister (with exceptions - Scotland and Wales and Northern Ireland, of course. Yes, yes) is responsible as an MP to their constituents, and as a minister to Parliament as a whole, i.e. the nation at one remove. Further, it's just fucking indecent and violent, an act of boss brutality. She was on £16,000 at age 38; what else is it?

Far from wanking about trivialities, we ought to demand her reinstatement. If she wants to deal with an organisation that spies on private correspondence for partisan ends, that is.

OK, it's coming down to the wire. Next week, on Wednesday, 8th July, the Government is going to put three regulations before the House of Commons. These are the crucial executive orders that put the guts of the Identity Cards Act in place; specifically, they are the ones that make it possible to force anyone who wants a passport (or any other official document not yet specified) to be fingerprinted, recorded, and loaded into the National Identity Register, to force the same people to pay for the dubious privilege unless they work at Manchester or London City Airports and have an airside security pass, and to pass any and all information from the Register to a variety of authorities including private credit-reference agencies and anyone who those authorities want to give it to.

At the current time of asking, this would appear to include the Uzbek secret police, so long as a police officer above the rank of inspector (!) acting on orders from a more senior officer, or the authorised agent of either secret service, GCHQ, SOCA, or the Inland Revenue says so. There is a clear hierarchy of priorities here; the fee is no problem so long as the compulsion doesn't get in, and although obviously evil, the data-trafficking is considerably less problematic if the compulsion doesn't get in.

So, time to write to them; remember that the scheme will be compulsory for anyone who ever wants to leave the country, which is another way of saying there is no choice; remember that the system is wildly insecure, that the biometrics have been hacked repeatedly, and that the Government wants to use the Chip-and-PIN infrastructure as a major part of it, and some Chip-and-PIN terminals mysteriously contain GSM radios that call numbers in Pakistan; remember that it will cost a fortune; and remember that many of the supposed "allied" intelligence services who will be able to ask for data from it have demonstrated that they cannot be trusted not to torture British citizens.

If you're scared of the whips, vote for the fees regulation and maybe the data sharing one if you're desperate and they've shown you the photos; but whatever you do, vote down the Information and Code of Practice on Penalties Order. It's secondary legislation, so it just takes one loss in the Commons to kill it.

Something else that came up at OpenTech; is there any way of getting continuing information out of the government? This is especially interesting in the light of things like Who's Lobbying? and Richard Pope and Rob McKinnon's work in the same direction; it seems to me that the key element in this is getting information on meetings, specifically meetings with paid advocates i.e. lobbyists. Obviously, this has some pretty crucial synergies with the parliamentary bills tracker.

However, it's interesting at best to know who had meetings with who at some point in the past, just as it is at best interesting to know who claimed what on expenses at some point in the past; it's not operationally useful. Historians are great, but for practical purposes you need the information before the next legislative stage or the next committee meeting.

I asked Tom Watson MP and John "not the Sheffield Wednesday guy" Sheridan of the Cabinet Office if the government does any monitoring of lobbyists itself; you'd think they might want to know who their officials are meeting with for their own purposes. Apparently there are some resources, notably the Hospitality Register for the senior civil service. (BTW, it was a bit of a cross section of the blogosphere - as well as Watson and a myriad of geeks, Zoe Margolis was moderating some of the panels. All we needed was Iain Dale to show up and have Donal Blaney threaten to sue everyone, and we'd have had the full set.)

One option is to issue a bucketful of FOIA requests covering everyone in sight, then take cover; carpet-bomb disclosure. But, as with the MPs' expenses, this gives you a snapshot at best, which is of historical interest. As Stafford Beer said, it's the Data-Feed you need.

So I asked Francis Davey, MySociety's barrister, if it's legally possible to create an enduring or repeating FOIA obligation on a government agency, so they have to keep publishing the documents; apparently not, and there are various tricks they can use to make life difficult, like assuming that the cost of doing it again is the same as doing it the first time, totalling all the requests, and billing you for the lot.

First of all, as soon as a piece of legislation is published, it has certain meta-data. Date originated; originating department; originating MP; originating house; type - primary legislation, order in council, statutory instrument; current status (pre-legislative/Green/White Paper, first reading, committee, report, second, third, Royal Assent, repealed/superseded). And, of course, a unique identifier. But they aren't isolated; they amend, supersede, or repeal other legislation, so every Bill object needs to keep this information as well.

And if it's secondary legislation, it has dependencies on at least one past Act of Parliament, so anything with the types order-in-council or statutory instrument has to track which Acts it inherits from. Similarly, a primary Bill may create possible secondary legislation.

Now we need to look at the revisions. Once the bill is published, it starts to attract changes; but it remains the same bill. So we need to have further rows which are permanently associated with the original bill, but uniquely identifiable in themselves. It's probably simplest to keep only the changes at each step, because much of the point of the whole project is to monitor the changes. It feels right to me, if nothing else, to consider all the texts of a bill to be revisions, contained within the bill wrapper.

So a revision contains the title, the text in its sections, the status of the text, the originating organisation, if possible the originating MPs, the timestamp, and the amend/supersede/repeal/inherit information, and a revision ID. At each revision stage, a new item is added, until the final version gets Royal Assent; it would make sense to sort them in reverse chronological order and make the most recent version the default that is retrieved when that bill is requested.

This gives us a reasonable database of legislation, but it's not going to be much use; for that we need some more comprehensible semantics. So each bill needs both a summary and some category tags, and both the bills and revisions will need to have users specify their own tags and notes. Add those fields as well... And we'll need links to the debates at each stage, as well. Chuck in a URI field for Hansard in each Revision.

Summing up in object oriented terms, we've got a class called Bill, which has instance methods for the various metadata we've described, and a subclass called Revision, whose instance methods provide all the fields for each revision, but which always inherits the metadata and unique identifier of the Bill that created it, and possibly a further subclass of Revision called Comment to contain user notes. Further, the Bill needs a method Amend that creates a new Revision with the amending text, which remains provisional (inheriting the amending Bill's current status) until the amending Bill is finalised. Of course, if we implemented it in something like Django the code could be precisely that.

In database terms, each Bill is a row with a primary key that uniquely identifies the bill and all its revisions and comments; each Revision and Comment is a row which has the same key as its parent Bill and a key which identifies it in the context of that Bill.

Update: Comments point out that a Comment shouldn't be a subclass of Bill, because it's not legislation itself and it should be an is-a relationship not a has-a relationship. Good point; actually, commentary should probably be logically parallel to the actual text of legislation, but related to it - Commentary, with subclass UserComment, linked by the bill and revision IDs to the actual text.
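A sketch of the model described above, added here as an illustration and not taken from MySociety or any real tracker: revisions are append-only rows keyed by (bill ID, revision number), an amendment is a provisional revision that carries the amending Bill's status, and Commentary sits beside the text rather than under it. The class and field names, the `finalise` helper and the sample identifiers in the usage are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

PRIMARY = "primary"
SECONDARY_TYPES = {"order-in-council", "statutory-instrument"}
FINAL = "royal-assent"

@dataclass
class Revision:
    bill_id: str                      # key shared with the parent Bill
    rev_no: int                       # key unique within that Bill
    text: str
    status: str
    hansard_uri: str = ""
    amended_by: Optional[str] = None  # bill_id of the amending Bill, if any
    timestamp: datetime = field(default_factory=lambda: datetime.now(timezone.utc))

@dataclass
class Commentary:
    # Parallel to the legislation and linked by IDs, not a subclass of it.
    bill_id: str
    rev_no: int
    author: str
    note: str

@dataclass
class Bill:
    bill_id: str
    title: str
    bill_type: str
    status: str
    inherits_from: list = field(default_factory=list)  # parent Acts
    revisions: list = field(default_factory=list)

    def __post_init__(self):
        # Secondary legislation depends on at least one past Act.
        if self.bill_type in SECONDARY_TYPES and not self.inherits_from:
            raise ValueError(f"{self.bill_id}: secondary legislation needs a parent Act")

    def add_revision(self, text, status=None, amended_by=None, hansard_uri=""):
        # Append-only: earlier revisions are never rewritten.
        rev = Revision(self.bill_id, len(self.revisions) + 1, text,
                       status or self.status, hansard_uri, amended_by)
        self.revisions.append(rev)
        return rev

    def amend(self, target, text):
        # Called on the amending Bill: the new text becomes a Revision of the
        # target, provisional because it carries this Bill's current status.
        return target.add_revision(text, status=self.status, amended_by=self.bill_id)

    def latest(self, settled_only=False):
        # Newest first; settled_only skips amendments that are still provisional.
        for rev in reversed(self.revisions):
            if not settled_only or rev.amended_by is None or rev.status == FINAL:
                return rev
        return None

def finalise(amending, bills):
    """Mark the amending Bill final and promote every revision it created."""
    amending.status = FINAL
    promoted = 0
    for bill in bills:
        for rev in bill.revisions:
            if rev.amended_by == amending.bill_id:
                rev.status = FINAL
                promoted += 1
    return promoted
```

Keeping provisional amendments as ordinary revisions means the default view shows what is being proposed, while `latest(settled_only=True)` still returns the text as it currently stands.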

And Dsquared tells us that the German Bundestag already has a public version control system for legislation! Here it is; it's very complete and logical, I'll say that for it, but there is no facility to annotate anything. But if you want to know precisely what the Baden-Württemberg delegation wanted to change in the law on modernisation of accounting requirements in the Federal Council's Committee stage, it gets you there in two clicks from the search page. User experience design does not mean making things pretty.

Saturday, July 04, 2009

OpenTech blogging...after this morning's MySociety brainstorm on the specifications for MPs' expenses and tracking bills through Parliament, I'm concerned that we're going to end up with the best imaginable system for monitoring public employees' expenses, and miss some absolute horror of a thing while our attention is elsewhere. (Is that the latent content of Heather Brooke?)

Certainly, the parliamentary bills tracker is a far more important and interesting project, unashamedly wonkful as it is. It's a CCTV camera in the sausage factory of legislation; it's hugely important to be able to monitor the drafting process itself, and correlate it with other sources of data - for example, information on meetings and lobbying extracted through the Freedom of Information Act.

As usual, the meeting ran off after a few minutes as various people came up with their pet idea for sexy graphics; if you can't insist on MVC architecture at a hacker conference, when can you?

User-generated tagging will be incredibly important; the nature of legislation is that the geographical areas affected aren't usually explicit, because it acts to change legal status rather than specific spots on the ground. So you need a way to flag which actual places and people will be affected...

Strangely, the longer it was discussed the more it sounded like a Linux package manager, what with the importance of dependencies, supersession, amendment, etc.

Wednesday, July 01, 2009

OK, so the Iranian police - well, the Basij, the IRGC, the spooks, the cops, the repressive state apparatus anyway - are publishing photos of demonstrators on the Web and trying to crowdsource the job of identifying the faces on their CCTV tapes. It says here. And, indeed, here they are.

Now, this is obviously a case where throwing a multi-gigabit DDOS attack at them would do nothing but gooood. If you want to load that page several thousand times, or post completely spurious information to it, of course there's nothing I can do to stop you, even though it is no doubt against the Computer Misuse Act.

But what depresses me about this project is that the idea was originated by the West Yorkshire Police after the Bradford race riot of 2001; they got the Telegraph & Argus to publish, day after day, front pages of CCTV or other surveillance images of rioters, in the hope that the public would turn them in. Which they did.

It's the kind of day on the Holloway Road that rappers get mawkish about. So, obviously, time for some blogging about open-source software for the public sector. I'm hugely impressed by the contestants in the SourceForge Community Contest, specifically the ones in the Government category. There's Trisano, a free epidemic surveillance system for public health officials. Think you're going to cook up squid flu in your shed and the sclerotic processes of Government 3-G can't do a thing? Think again.

In case that doesn't work, there's Sahana, the open-source disaster management application that works either as a network or as a standalone application. It's apparently been used from Galveston to China via New Orleans and is "pre-deployed" in New York - not only have they got the disaster software, they've even got disasters that haven't happened yet.

And there's the simply named Medical, an open-source healthcare information system, which is certain to be much less bad than whatever code-glob the Department of Health, Cerner, and BT eventually excrete onto the NHS. But my favourite, and the one I voted for, was Agepabase, a French-speaking GIS devised by the Senegalese government to plan the construction of water supplies.

I'm awed by the innovation and commitment, and ashamed by all the shite I've produced over the years. There is nothing at all like it in the other categories; if you don't count the RepRap, that is, which you ought to vote for in its own slot.